Fuzzing: What Is It?

Written by Saran on September 24, 2010

A computer (credit: http://www.flickr.com/photos/amagill/

Fuzz testing may sound like a term far removed from the IT world, but fuzzing is a good way of discovering weaknesses in a network, application or server before others do. Fuzzing involves bombarding a program with randomly generated data to see if it’ll withstand the overload. If it fails, either by crashing or not executing a specific code, then there’s a defect you need to find and correct. Hackers can use fuzzing to find what bugs exist in an application, for example, a web browser, and then create specific code to exploit the application’s weaknesses. But if these bugs are discovered before they can be exploited then a way can be found to fix these exploitable bugs.

Testers can use fuzz testing to find out if the current software being used have easily exploitable vulnerabilities. It is probably the closest approximate to a real-world situation when data coming into a system or application doesn’t always follow validation rules. While fuzzing, testers keep a record of all the data they create, so it’s easy can keep track of what specifically caused any errors. It’s also relatively cheap to perform fuzz testing, and it can be used to compare the security of different programs and operating systems. Open source fuzzing tools and tests for different applications and systems are now available online. Though fuzzing doesn’t guarantee to find every error-producing event and bug that can occur on your system, it does give an idea of where intruders might try to attack. Errors like buffer overruns and attacks on cross-site scripting can be prevented by fuzz testing.

[tags]fuzzing,bugs,buffers,phishing,pharming,software,errors,intruders[/tags]

Tags: , , , , , , , , ,

Categories: IT Security Basics, Tips

Comments Off

A Few Tips to Avoid Phishing

Written by Saran on September 17, 2010

phishing example Chances are that when you open your inbox today you’ll find an e-mail claiming to be from your bank, an e-commerce site, or another online site you’ve visited. They might offer you an upgrade to your account, inform you that there’s been changes to their, and asks you to verify your account information. This could be a phishing attempt to get sensitive information like your personal information or passwords. Fortunately, you can avoid getting scammed by taking these precautions:

  • Be suspicious of any email with urgent requests for personal financial information. Phishers are getting more sophisticated in their attempts, so even if an e-mail appears to be legitimate, look for proof that it came from your e-commerce company. They should be personalized and carry information that only you and your company would know. They might show partial account numbers or other verification tools.
  • Use anti-virus software and a firewall, and keep them up to date. Phishers sometimes include script that can track your activities on the internet without your knowledge.
  • Never use the links in an e-mail to go to any webpage. Phishers will redirect you to a bogus site to trick you into logging in your account number and password. Log onto the website by typing in the web address to your browser. At the same time, never call any numbers in the e-mail. It could lead you to a VoIP provider that isn’t connected to your company at all.
  • Never fill out forms in e-mail messages asking for your personal financial information. Your e-commerce company would never ask you to send sensitive information in that manner.
  • Check your bank, credit, and debit card statements regularly to see if all your transactions are legitimate. Report any suspicious withdrawals immediately.
  • Finally, report the phishing attempt you received to your company and other anti-phishing groups.

[tags]phishing,spam,spoof emails,indentity theft,pharming,spam filtering[/tags]

Tags: , , , , , , , , ,

Categories: General, Privacy & Anonymity, Real-World Issues, Tips

Comments Off

Managing Your Passwords

Written by Saran on September 13, 2010

passwordmanagerscreen.jpgAre you like me who has the bad habit of forgetting the passwords to your online accounts? Except for sites I frequently visit, like those for web-based services, I can’t keep track and lose passwords all the time. There’s no true solution to this problem. I’ve tried using the same passwords for multiple accounts, but that’s pretty dangerous – if one of your accounts gets hacked, they can guess what sites you frequent and gain access to your data. Writing it down can be downright dangerous – it’s even easier to lose paper and notebooks during your daily routine. It also boils down to an issue of trust with the people you live and work with.

The situation’s pretty dire if a relative passes away and all his contacts are in an online address book. The was the the case of William Talcott, a San Francisco poet who passed away in June and basically took his password to the grave. His daughter was unable to contact his friends, and though the web provider will grant them access after a court order, it will take months of legal haggling in court, causing needless emotional pain for his descendants

The solution? A password manager that keeps track of your passwords. Some users make their own with their database and password locking it, but these makeshift databases aren’t encrypted and they’re quite easy to crack. There are commercial and open source password managers available for download online. All you need to do is add the website, your account name and password, select one password to lock your data, and then it will keep track of your passwords for you. They offer different features, which can include password generators, autoform filling, and different levels of encryptions. Some sites, like those of banks and other e-commerce activities, don’t allow autoform filling for security reasons. Though most of these are currently made for Windows, there are also versions for other operating systems. A word of warning though: if you forgot your password to your password manager and it doesn’t have a retrieve password option, you can’t access your database. So make sure to remember your database password!

[tags]passwords,e-commerce,operating systems,online security,phishing[/tags]

Tags: , , , , , , ,

Categories: IT Security Basics, Security Policies, Tips

Comments Off

Phishing for Personal Information

Written by Saran on July 20, 2010

Phishing over the web can be typified with that of trying to get personal information for mischievous use. Receiving unsolicited emails coming from unknown origins which would make you believe that you have won something in a lottery or a sweepstakes contest are the common forms of phishing.

Gone Phishing

The people who send you these emails are merely after your personal information. They would get information such as credit card numbers, bank accounts, and other useful information to which they can use over the web, an open space of being able to transact with a lot of security breaches that most people know today.

Some would even provide links to certain pages which are professionally done, all the more deceiving a person that the offer is for real. But the next time you get such e-mails from an unknown source, all you have to do is just think about it for a second. How can you get such mails from someone or something that you don’t even remember joining? The rest is history.

Tags: , , , , ,

Categories: IT Security Basics, Privacy & Anonymity, Tips

Comments Off

Be Careful of Hyperlinks in Messages

Written by Saran on September 30, 2008

We all know that some people using the web for success are desperate and regardless if the message comes to you via email, comments or an instant message, do not click! It is easy to spot suspicious messages. For one, if there is no sane explanation on why you should check it out, refrain from doing so. The difference between clicking may make the difference as far as safety and security for your computer or workstation is concerned.

For most, this may seem redundant. Who in his right mind would click a link gone unsolicited? Well that is true but we forget to consider that not all people are aware of the benefits and dangers that await them on the web.

Just like in modern society, you can expect some tactics that can really deceive you. They are not obvious and in fact can come in any from. In fact, you can even get them from friends who may think that such links to site as harmless. Leading the pack for suspicious links would include:

1. Free software links
2. Files or Images
3. Money making scheme programs
4. Unsolicited Sign Ups

Of course, you would have to consider, to get people to click on links, it has to be entirely in their interest. For most, it is too tempting to resist. Especially if you have not encountered them or have been educated of these threats, chances are you may experience them first hand and may become a forgettable one for overlooking the value of security on the web.

Tags: , , ,

Categories: Instant Messaging, IT Security Basics, Malware, Privacy & Anonymity, Spyware

Leave a Comment

Users Should Set their Passwords Independently

Written by Saran on August 8, 2008

As far as security when it comes to computer or network access is concerned, does the real beef in being safe and secure really lie in passwords? There are about billions of potential combinations before a hacker can be able to find out your password but just the same, there are other ways to get it like phishing or probably common passwords that some take for granted these days.

Unless you have been among the many victims of being hacked for access on certain programs or events, chances are you may not even care if and when another person would suddenly gather interest in hacking your account. Surely, not all people may have something interesting to go all through the trouble of but just the same, the bragging rights and distinction of being able to crack the access granted to a certain program, site or email is still vulnerable.

Passwords are slowly losing their use. They are indeed security precautions but perhaps the best person to make sure that they still serve their purpose would be the person who is given access. It is not all about making it hard to guess but making sure that you are the only one who knows it by heart and mind.

Also, do not be content with being assigned one. You should have the freedom to set your own password without anyone knowing it. This is one thing about security administration these days. Administrators should not be the only one to set passwords but the actual users themselves.

Tags: , , , ,

Categories: General, IT Security Basics, Tips

Leave a Comment

DomainKeys, Protecting more Googler’s

Written by Saran on June 22, 2008


The problem with spam and phishing has become so much of a problem that Google, has resorted to using Yahoo’s patented DomainKeys technology to protect their email users through Gmail with the security system. DomainKeys was patented and developed by Yahoo but was released under a dual license under the GNU General Public License which allowed the software technology to become a widely accepted internet standard. It uses encryption technology to verify that the domain from which mail comes from is in fact the true source of the sent mail blocking re-directed spam and other malware from taking flight. These types of technology have been vital in the protection of consumers who do online shopping, many of whom fall victim to fake and phishing scams resulting in financial losses.
Internet companies themselves get victimized in terms of the resources they have to allocate to resolve such incidents that start from eBay transactions gone bad that hackers use as phishing tools. Once these people get their hands on the account information of legit users, they go on expensive shopping sprees that costs the e-commerce industry a lot of lost revenue. It also causes a lot of misinformation on the security and reliability of online stores (some are truly legit but most are well…..). Hopefully more and more fake PayPal and eBay scams would be denied giving people more time to develop better protection systems. There are a lot of tips on the internet about online safety with regards to these email and other scams so you’d better brush up and stay informed of the latest news if you love online shopping and haggling over eBay. Safe online Shopping everyone!!

Tags: , , , , ,

Categories: General, Network Security, News, Physical Security, Privacy & Anonymity, Real-World Issues, Security Policies

Leave a Comment